An enterprise may employ a system of software and services, called a “security information and event management (SIEM) system,” to detect and respond to security events that occur within the enterprise's computer system. The SIEM system may monitor operations of the computer system (logon failures, communications with blacklisted domains, and so forth) and generate corresponding security alerts. A security operations center (SOC) of the enterprise may include a relatively large staff to address the security alerts. Analysts at the SOC may investigate the security alerts by manually gathering information about the users and devices that are mentioned in the alerts, in order to identify alerts of concern and determine the appropriate remediation actions for those alerts.